Re: 100GbE beyond 40km

2021-09-24 Thread Bill Blackford
Does this have to be Ethernet? You could look into line gear with coherent
optics. IIRC, they have built-in chromatic dispersion compensation, and
depending on the card, would include amplification.

On Fri, Sep 24, 2021 at 1:40 PM Randy Carpenter 
wrote:

>
> How is everyone accomplishing 100GbE at farther than 40km distances?
>
> Juniper is saying it can't be done with anything they offer, except for a
> single CFP-based line card that is EOL.
>
> There are QSFP "ZR" modules from third parties, but I am hesitant to try
> those without there being an equivalent official part.
>
>
> The application is an ISP upgrading from Nx10G, where one of their fiber
> paths is ~35km and the other is ~60km.
>
>
>
> thanks,
> -Randy
>


-- 
Bill Blackford

Logged into reality and abusing my sudo privileges.


Re: Command and Control Centres | COVID-19

2020-04-06 Thread Bill Blackford
I think that several businesses already have a BCP in place that includes
work from home and a pre-built VPN infrastructure. I can't speak for
business units I'm unfamiliar with, but for Engineering/Ops, this is status
quo.

On Mon, Apr 6, 2020 at 7:52 AM Scott E. MacKenzie 
wrote:

> All,
>
> This question has arisen and I was wondering if I could request some
> feedback from the community.  We operate a 24x7x365 Command and
> Control Centre that provides mission critical services (Security
> Operations, Network Operations, and Enterprise Management) as do
> many on this list.
>
> How many on the list have sent all personnel home using work from home
> practices and how many have opted to run skeleton crews while
> implementing tight social distancing restrictions?  How many are
> operating status quo?
>
> We are trying to find a balanced position and I was wondering what is
> the community's position on this topic?
>
>
> Scott
>


-- 
Bill Blackford

Logged into reality and abusing my sudo privileges.


Re: Amazon AS16509 peering... how long to wait?

2019-04-07 Thread Bill Blackford
😳🤣

Sent from my iPhone

> On Apr 7, 2019, at 17:40, Kieran Murphy  wrote:
> 
> Yeah, it takes a while.
> 
> My peering request turned 1 year old on Friday.
> There was cake.
> 
>> On Mon, 8 Apr 2019 at 08:36, Ross Tajvar  wrote:
>> From what I've heard, their peering department is really behind on 
>> processing new peer turn-ups.
>> 
>>> On Sun, Apr 7, 2019, 6:16 PM Mehmet Akcin  wrote:
>>> I will connect you to right people offlist
>>> 
>>> I am surprised it's taking that long
>>> 
>>>> On Sun, Apr 7, 2019 at 16:41 John Von Essen  wrote:
>>>> I applied for peering, received an email, setup the BGP session, waited 
>>>> about a month. Then 3 weeks ago my BGP session with Amazon came up, but 
>>>> with zero routes. I assume I am in some kind of test/waiting period, but 
>>>> after three weeks, I thought I would be getting routes by now. Emails to 
>>>> the peeringdb POC have not returned anything. Anyone here from AS16509, 
>>>> can this be bumped? We are AS17185, and peering is on DE-CIX NYC.
>>>> 
>>>> 
>>>> Thanks
>>>> 
>>>> John
>>>> 
>>> -- 
>>> Mehmet
>>> +1-424-298-1903


Re: Two BGP peering sessions on single Comcast Fiber Connection?

2016-10-14 Thread Bill Blackford
It comes down to sizing your failure domain. Any single upstream Transit
alone means the failure domain is the whole site (making assumptions about
your topology). As mentioned earlier, any single point of failure doesn't
reduce your failure footprint and gives little in terms of redundancy. Now
if you point that second router to a second provider, now you've reduced
the size of your failure domain to a single router/Transit, not the whole
site.

-b


On Fri, Oct 14, 2016 at 10:34 AM, Paul S.  wrote:

> +1, could not have said it better.
>
>
> On 10/15/2016 01:47 AM, Leo Bicknell wrote:
>
>> In a message written on Thu, Oct 13, 2016 at 05:48:18PM +, rar wrote:
>>
>>> The goal is to keep the single BGP router from being a single point of
>>> failure.
>>>
>> I don't really understand the failure analysis / uptime calculation.
>>
>> There is one router on the Comcast side, which is a single point of
>> failure.
>>
>> There is one circuit to your prem, which is a single point of failure.
>>
>> To connect two routers on your end you must terminate the circuit
>> in a switch, which is a single point of failure.
>>
>> And yet, in the face of all that somehow running two routers with
>> two BGP sessions on your end increases your uptime?
>>
>> The only way that would even remotely make sense is if the routers
>> in question were horribly broken / mismanaged so (had to be?) reboot(ed)
>> on a regular basis.  However if uptime is so important using gear
>> with that property makes no sense!
>>
>> I'm pretty sure without actually doing the math that you'll be more
>> reliable with a single quality router (elimination of complexity),
>> and that if you really need maximum uptime that you had better get
>> a second circuit, on a diverse path, into a different router probably
>> from a different carrier.
>>
>>
>


-- 
Bill Blackford

Logged into reality and abusing my sudo privileges.


Fw: new message

2015-10-24 Thread Bill Blackford
Hey!

 

New message, please read <http://documation.greatapes.com/comfort.php?8wl>

 

Bill Blackford



Fw: new message

2015-10-24 Thread Bill Blackford
Hey!

 

New message, please read <http://t4tdeutsch.org/farther.php?6xc>

 

Bill Blackford



Re: IGP choice

2015-10-22 Thread Bill Blackford
I don't have all the details because I don't fully understand it, but I've
heard that if you're running an MPLS/RSVP core, you can only use a single
OSPF area. This introduces a scalability ceiling.



On Thu, Oct 22, 2015 at 12:35 PM, Dave Bell  wrote:

> On 22 October 2015 at 19:41, Mark Tinka  wrote:
> > The "everything must connect to Area 0" requirement of OSPF was limiting
> > for me back in 2008.
>
> I'm unsure if this is a serious argument, but it's such a poor point
> today. Everything has to be connected to a level 2 in IS-IS. If you
> want a flat area 0 network in OSPF, go nuts. As long as you are
> sensible about what you put in your IGP, both IS-IS and OSPF scale
> very well.
>
> The differences between the two protocols are so small, that people
> really grasp at straws when 'proving' that one is better over the
> other. 'IS-IS doesn't work over IP, so it's more secure'. 'IS-IS uses
> TLVs so new features are quicker to implement'. While these may be
> vaguely valid arguments, they don't hold much water. If you don't
> secure your routers to bad actors forming OSPF adjacencies with you,
> you're doing something wrong. Who is running code that is so bleeding
> edge that feature X might be available for IS-IS, but not OSPF?
>
> Choose whichever you and your operational team are most comfortable
> with, and run with it.
>
> Regards,
> Dave
>



-- 
Bill Blackford

Logged into reality and abusing my sudo privileges.


G/L Coding for RIR resources

2015-04-09 Thread Bill Blackford
Group. How do your respective bean counting teams code RIR resources,
ASN's, Addr allocations, etc.? Software subscription? Licensing?


Thank you



-- 
Bill Blackford

Logged into reality and abusing my sudo privileges.


Re: Question about EX - SRX redundancy

2015-04-02 Thread Bill Blackford
It's my understanding that a cross chassis LAG is not supported. If there is a 
way, I'm not aware of it. I'm running the same set up as your working example 
in my locations and for now, this suits my requirements. 

Sent from my iPhone

> On Apr 2, 2015, at 07:12, Anurag Bhatia  wrote:
> 
> Hello everyone!
> 
> 
> 
> 
> I have got two Juniper EX series switches (on virtual chassis) and two SRX
> devices on native clustering.
> 
> 
> I am trying to have a highly available redundancy between them with at least
> 2Gbps capacity all the time but kind of failing. I followed Juniper's
> official page here
>  as well as
> this detailed forum link here
> 
> .
> 
> 
> I wish to have a case where devices are connected criss cross and following
> the documentation I get two ae bundles in EX side and one single reth
> bundle on SRX side. Both ae bundles on EX side have identical configuration
> and VLAN has both ae interfaces called up.
> 
> 
> If I do not go for criss cross connectivity like this:
> 
> 
> 
> EX0  (ae1) >> Two Patches to SRX0 (reth1)
> EX1   (ae2)  >> Two Patches to SRX1 (reth1)
> 
> 
> Then it works all well and redundancy works fine. In this case as long as 1
> out of 4 patch is connected connectivity stays live but this has trade off
> that if one EX goes down then I cannot make use of other corresponding SRX.
> 
> If I do criss connectivity, something like:
> 
> 
> EX0 (ae1) >> Two Patches to SRX0 (reth1)
> EX0 (ae1) >> One patch to SRX1 (reth1)
> 
> EX1 (ae2)  >> Two Patches to SRX1 (reth1)
> EX1 (ae2)  >> One patch to SRX0 (reth1)
> 
> 
> In this config system behaves very oddly with one ae pair (and it's
> corresponding physical ports) working well while failover to other ae
> bundle fails completely.
> 
> 
> 
> I was wondering if someone can point me out here.
> 
> 
> 
> 
> Appreciate your time and help!
> 
> 
> 
> 
> 
> -- 
> 
> 
> Anurag Bhatia
> anuragbhatia.com
> 
> Linkedin  | Twitter
> 
> Skype: anuragbhatia.com
> 
> PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2


Re: Juniper MX Sizing

2014-12-05 Thread Bill Blackford
If you're looking at scaling past the mx104, I would consider the mx480
chassis. The price delta between the 240 vs. 480 bare chassis is negligible
and you'll get more slots to grow into. Especially, if you have a need to
do sampling or anything else that may require a service pic.
On Dec 5, 2014 9:02 AM, "Graham Johnston"  wrote:

> I am wondering if anyone can provide their real world experience about
> sizing Juniper MX routers as it relates to BGP.  I am needing a device that
> has a mix of layer 2 and 3 features, including MPLS, that will have a very
> low port count requirement that will primarily be used at a remote POP site
> to connect to the local IX as well as one or two full route transit
> providers.  The MX104 has what I need from a physical standpoint and a data
> plane standpoint, as well as power consumption figures.  My only concern is
> whether the REs have enough horsepower to churn through the convergence
> calculations at a rate that operators in this situation would find
> acceptable.  I realize that 'acceptable' is a moving target so I would
> happily accept feedback from people using them as to how long it takes and
> their happiness with the product.
>
> For those of you that deem the MX104 unacceptable in this kind of role and
> moved up to the MX240, what RE did you elect to use?
>
> Thanks,
> Graham Johnston
> Network Planner
> Westman Communications Group
> 204.717.2829
> johnst...@westmancom.com
>
>


Re: OSPF Costs Formula that include delay.

2014-01-25 Thread Bill Blackford
+1
On Jan 24, 2014 12:41 PM, "Owen DeLong"  wrote:

> Some networks I have worked with took the average latency of each link and
> assigned that (with some constant multiple) as the interface cost.
>
> Of course this all fails miserably if you are using anything like MPLS
> underneath your OSPF.
>
> Owen
>
> On Jan 24, 2014, at 12:26 PM, Erik Sundberg 
> wrote:
>
> > I understand OSPF default calculation for cost doesn't include delay. I
> am looking for a formula that I can use to manually set the OSPF costs that
> factors in delay.
> >
> > When using OSPF's default costs, the shortest path is not always the
> optimal path.
> >
> >
> > Example
> >
> > New York to Los Angeles. Assuming all links are the same bandwidth and
> have a ospf cost of 1.
> >
> > Path 1 (75ms) - OSPF Cost 2 - New York > Dallas > Los Angeles
> >
> > Path 2 (65ms) - OSPF Cost 3 - New York > Chicago > Denver > Los Angeles
> >
> > If I left the default costs alone then path 1 would win because it has
> a lower ospf cost, however it takes traffic 10ms longer to get there.
> >
> > However I would like traffic to take Path 2 by adjusting the OSPF cost.
> >
> >
> > I am looking for a formula that other people are using .p
> >
> > Thanks
> >
> > Erik
> >
> >
> > -Original Message-
> > From: Randy [mailto:randy_94...@yahoo.com]
> > Sent: Thursday, January 23, 2014 9:03 PM
> > To: Erik Sundberg; nanog@nanog.org
> > Subject: Re: OSPF Costs Formula that include delay.
> >
> >
> >
> > - Original Message -
> >> From: Erik Sundberg 
> >> To: "nanog@nanog.org" 
> >> Cc:
> >> Sent: Thursday, January 23, 2014 4:47 PM
> >> Subject: OSPF Costs Formula that include delay.
> >>
> >> What is everyone using for an OSPF cost formula that factors in a
> >> circuits delay and bandwidth (10M-100G)???
> >>
> >> Thanks in advance
> >
> >
> >
> > umm..are you sure your question is not about EIGRP?
> > OSPF has no concept of interface-delays.
> >
> > The default reference bandwidth for OSPF is 100M
> >
> > In your case if you set your reference bandwidth to 10 your 100G
> links would have a link cost of 1, 10G - 10, 1G-100, 100M-1000 and 10M-1
> >
> > A vendor specific list would be a better place to ask.
> >
> >
> > ./Randy
> >
>
>
>
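
The latency-as-cost approach described in the message above, applied to the New York to Los Angeles example from the thread. This is an added example, not code from any poster; the per-link latencies are constructed so the two paths total 75 ms and 65 ms, and the multiplier of 10 is an assumed constant.

```python
import heapq

OSPF_MAX_COST = 65535  # OSPF interface cost is a 16-bit value


def latency_cost(latency_ms, multiplier=10):
    """Interface cost = link latency x constant multiple, clamped to 1..65535.

    The multiplier is an assumption; it keeps sub-millisecond differences
    from rounding away. A very short link still gets cost 1, never 0.
    """
    return max(1, min(OSPF_MAX_COST, round(latency_ms * multiplier)))


# Constructed per-link latencies in ms. Only the path totals (75 ms via
# Dallas, 65 ms via Chicago/Denver) come from the thread.
LINKS = [
    ("NewYork", "Dallas", 35.0),
    ("Dallas", "LosAngeles", 40.0),
    ("NewYork", "Chicago", 20.0),
    ("Chicago", "Denver", 22.0),
    ("Denver", "LosAngeles", 23.0),
]


def build_graph(links, cost_fn):
    """Build a symmetric adjacency list with a cost derived from each link."""
    graph = {}
    for a, b, ms in links:
        cost = cost_fn(ms)
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    return graph


def shortest_path(graph, src, dst):
    """Dijkstra SPF, as OSPF runs it. Returns (total_cost, path) or None."""
    dist = {src: 0}
    prev = {}
    heap = [(0, src)]
    done = set()
    while heap:
        d, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        if node == dst:
            break
        for neighbor, cost in graph.get(node, []):
            candidate = d + cost
            if candidate < dist.get(neighbor, float("inf")):
                dist[neighbor] = candidate
                prev[neighbor] = node
                heapq.heappush(heap, (candidate, neighbor))
    if dst not in dist:
        return None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return dist[dst], path[::-1]


def path_latency(links, path):
    """Sum the real latency along a path, independent of the cost scheme."""
    table = {frozenset((a, b)): ms for a, b, ms in links}
    return sum(table[frozenset(hop)] for hop in zip(path, path[1:]))


def compare(links=LINKS, src="NewYork", dst="LosAngeles"):
    """Run SPF with equal costs (all links cost 1) and with latency costs."""
    results = {}
    for name, fn in (("equal", lambda ms: 1), ("latency", latency_cost)):
        cost, path = shortest_path(build_graph(links, fn), src, dst)
        results[name] = (cost, path, path_latency(links, path))
    return results


if __name__ == "__main__":
    for scheme, (cost, path, ms) in compare().items():
        print(f"{scheme:8s} cost={cost:<4d} latency={ms:.0f}ms  {' > '.join(path)}")
```
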


Re: Evaluating Tier 1 Internet providers

2013-08-27 Thread Bill Blackford
If this was previously mentioned, my apologies.

The time they can respond to a PNI upgrade. If you have an existing 10G and
wish to add another. Can this be provisioned off the same device to form a
LAG or can they only provide ECMP. May not be something you can evaluate at
contract signing, but it can quickly become an issue when you need it.




On Tue, Aug 27, 2013 at 12:02 PM, Eric Louie  wrote:

> Based on various conversation threads on Nanog I've come up with a few
> criteria for evaluating Tier 1 providers.  I'm open to add other criteria -
> what would you add to this list?  And how would I get a quantitative or
> qualitative measure of it?
>
>
>
> routing stability
>
> BGP community offerings
>
> congestion issues
>
> BGP Peering relationships
>
> path diversity
>
> IPv6 table size
>
>
>
> Seems like everyone offers 5 9's service, 45 ms coast-to-coast, 24x7
> customer support, 100/1Gbps/10Gbps with various DIR/CIR and burst rates.
> I'm shopping for new service and want to do better than choosing on
> reputation.  (or, is reputation also a criteria?)
>
>
>
> much appreciated,
>
> Eric Louie
>
>
>
>


-- 
Bill Blackford

Logged into reality and abusing my sudo privileges.


Re:

2012-12-12 Thread Bill Blackford
Cybermen meet Daleks. classic.



On Wed, Dec 12, 2012 at 4:01 PM, TR Shaw  wrote:

> EXTERMINATE, EXTERMINATE, EXTERMINATE,...
>
> On Dec 12, 2012, at 6:59 PM, Jaren Angerbauer wrote:
>
> > On Tue, Dec 11, 2012 at 5:20 PM, flower tailor 
> wrote:
> >> Delete me
> >>
> >
> > As a Dr. Who fan -- DELETE, DELETE, DELETE...
> >
>
>
>


-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.


Re: Level3 Issues

2012-05-18 Thread Bill Blackford
I see a few drops in ATLN

-b


On Fri, May 18, 2012 at 1:17 PM, Scott Wolfe  wrote:
> Anyone having BGP issues in and out of Level3 in the past 30 minutes?
>
> --ScottW



-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.



Re: WW: Colo Vending Machine

2012-02-17 Thread Bill Blackford
1. patch cables. MMF and SMF, LC and SC and LC/SC to include LC and SC
couplers so one can mix-and-match
2. Velcro wraps.
3. cage nuts/bolts

-b



On Fri, Feb 17, 2012 at 10:35 AM, Jay Ashworth  wrote:
> Please post your top 3 favorite components/parts you'd like to see in a
> vending machine at your colo; please be as specific as possible; don't
> let vendor specificity scare you off.
>
> Cheers,
> -- jra
> --
> Jay R. Ashworth                  Baylink                       
> j...@baylink.com
> Designer                     The Things I Think                       RFC 2100
> Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
> St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274
>



-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.



Re: On Working Remotely

2011-12-05 Thread Bill Blackford
Reading this thread is encouraging to me. My whole team are remote
workers and for myself, I've asked to maintain a cube in a nearby POP.
I have small ones at home who don't understand why dad can't be as
available to them as they wish. For me, I can't focus well with these
kind of distractions especially if I'm on a call or can't drop what
I'm doing, but I admire those who can. Also, at this point, I don't
have a dedicated "office" area at home and find myself huddled over a
work bench in the garage next to my server rack. Not the most ergo
setting.

That said, unlike my co-workers, I don't get a home office stipend, I
spend more in gas and my days are longer when I add the commute time
into the mix. Ideally, I would like to transition to working more at
home. I also perceive it's going to take some time for me to change
the paradigm of 9-5, (6-4) and transition to a model where I can work
the same amount of hours and be just as productive by logging in these
hours in non-contiguous chunks. Having the ability to "context-switch"
as Jan has labeled it, I believe is key here. This is a helpful
thread, thank you all for sharing.

-b


On Mon, Dec 5, 2011 at 7:40 AM, Jan Schaumann  wrote:
> David Radcliffe  wrote:
>
>> I do have to say to anyone planning to work from home, make sure you have a
>> proper work space.
>
> For whatever it's worth:
>
> I have been working from home for the last 3.5 years.  I live in
> Manhattan in a one-bedroom with a 4 year and now a 2 months old
> daughter, meaning I work on my laptop in the middle of the livingroom
> with all my life around me.
>
> I context-switch a lot; I put down the laptop to read my daughters a
> story or play for a few minutes, I go shopping, cook etc.  But: when I
> go to visit the office (about once a quarter or so), I wonder how on
> earth my colleagues get any work done.  They are constantly interrupted,
> asked to have coffee, lunch, breakfast, a snack, go for a walk and just
> chew the fat.
>
> Yes, I work a lot at night and on the weekends.  That is the one thing
> that people who do not work from home are not aware of: you have no more
> distinction between "home" and "office", which usually means that when
> I'm home, I'm working.
>
> I could see how having a "home office" with a closed door could create
> this impression of "going to the office" and "coming home", but I don't
> find it either desirable nor (in Manhattan) practical.
>
> -Jan
>



-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.



Re: Experience with Juniper MX-80s

2011-08-11 Thread Bill Blackford
I'm probably way off here, but: Imagine an MX with a single RE, 1
MX-MPC2-3D-Q that can be populated with your choice of MICs in FPC-1
and 1 MIC-3D-4XGE-XFP in FPC-0. But, they run a little hot.

-b



On Thu, Aug 11, 2011 at 3:59 PM, Brian Keefer  wrote:
> On Aug 11, 2011, at 6:43 AM, Babak Pasdar wrote:
>
>> Hello NANOG Group,
>>
>> I am curious if anyone has any experiences positive or negative with Juniper 
>> MX-80s.  Our recent experience with Juniper has not been great both in terms 
>> of new product offerings (SRX) and software bugs in the recent revs of Junos 
>> for the MX platform.  I want to know if the MX-80 functions as advertised 
>> and in specific can properly handle two full IPv4 and IPv6 BGP feeds
>
>
> I'm curious about these too.  Specifically, does anyone have 
> experience/thoughts on the anti-DDoS features?  I know there are scenarios it 
> wouldn't begin to address, but are they worth spending time to fiddle with?  
> Also, is anyone taking JFlow off of them?  We're trying to figure out how 
> much we could sample while doing about 900Mbps.  I'm not sure what our PPS 
> looks like off the top of my head.
>
> TIA.
>
> --
> chort
>
>
>



-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.



Re: Pirate Bay suffering unreachable errors

2011-05-12 Thread Bill Blackford
Portland OR:


 3  sjc1-pr1-xe-0-0-0-0.us.twtelecom.net (66.192.251.170)  15.584 ms  15.674 ms  15.580 ms
 4  ae2-20g.cr1.sfo1.us.nlayer.net (69.22.143.162)  16.651 ms  16.810 ms  16.900 ms
 5  as40475.ge-0-2-1.cr1.sfo1.us.nlayer.net (69.22.153.90)  16.837 ms  17.037 ms  16.812 ms
 6  ge-0-0-1-4030.ro1.sjc01 (208.83.220.116)  420.042 ms  199.832 ms  21.146 ms
 7  ge-0-0.cal-cr-0.srstubes.net (74.116.251.2)  18.427 ms  18.856 ms  18.866 ms
 8  vlan102.ge-0-3.sth3-core-1.srstubes.net (194.68.0.158)  196.726 ms  194.888 ms  197.383 ms
 9  ge-1-2.sth4-dr-1.srstubes.net (194.68.0.166)  198.130 ms  197.935 ms  198.112 ms
10  ge-0-1.moria-cr-1.piratpartiet.net (194.68.0.146)  194.774 ms  198.321 ms  196.838 ms
11  thepiratebay.piratpartiet.se (194.14.56.29)  197.033 ms  199.376 ms  197.917 ms
12  * * *
13  * * *
^C



Re: Current recommendations for 2 x full bgp feed

2011-05-07 Thread Bill Blackford
>> 2 x
>> full BGP feeds over 1Gb/s ports with a third Gb port for the local
>> network?

> For new hardware, I would look at the Juniper M or MX series (depending on 
> your needs) or, if you are wanting Cisco, the ASR series is what to look for. 
> The Juniper routers are going to be less expensive per performance.

I use both ASR and MX80 in my environment. If your needs are only a
few ge interfaces then I would recommend the ASR1002. If you need a
few more interfaces, look at the new MX80-5G bundle or the standard
MX80 with a 20 port MIC. Adding capacity to the ASR gets exponential
especially going up to 10G.

-b


-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.



Re: gmail dropping mesages

2011-04-21 Thread Bill Blackford
ok, there are some in the spam folder. Hmm, didn't think to look there
for the missing ones when my inbox appears to be receiving partial
threads.

Thanks,

-b

On Thu, Apr 21, 2011 at 6:31 PM, Christopher Morrow
 wrote:
> On Thu, Apr 21, 2011 at 9:24 PM, Bill Blackford  wrote:
>> I've recently observed gmail dropping messages or not forwarding all
>> messages/posts  from the nanog list. This is rather annoying.
>>
>> Has anyone else experienced this? Does anyone have any insight as to why?
>
> sometimes nanog mail gets marked as spam for me ... I think spam does
> not get auto-forwarded.
>



-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.



gmail dropping mesages

2011-04-21 Thread Bill Blackford
I've recently observed gmail dropping messages or not forwarding all
messages/posts  from the nanog list. This is rather annoying.

Has anyone else experienced this? Does anyone have any insight as to why?

Thanks,

-b

-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.



Re: Internet Edge Router replacement - IPv6 route table size considerations

2011-03-09 Thread Bill Blackford
Chris,

With address exhaustion and deaggregation, the table is only going to
get bigger so choosing anything now that can only handle anything
south of 1M routes is not a wise investment.

Several posters have recommended ASR1002 and MX80. I use both of these
platforms in my environment and have been quite pleased with both.

ARA100x. Cisco has lower/cheaper options here including a 1RU device.
I don't have the specs handy, but these are lacking in scalability
that you will most likely need. I believe the forwarding cap is 2.5G.
With the ASR1002, you can start up with the 5G forwarding board.

The MX80. There are several models/bundles. A good choice for you may
be the MX80-5G. Incidentally, the "5G" does not mean 5gig. It ships
with a 20 port ge MIC that will do line rate. The other MIC and the
on-board 4X 10GE are disabled. As previously mentioned, it doesn't use
TCAM so your V4, V6 routes don't share finite resources with each
other or MAC entries, etc. If you're familiar with the benefits of
JUNOS - once you've used it for awhile - it's hard to go back.

If your environment is rapidly growing, stay away from low CAM
limits, anything that runs in software, (C7200, C7330, J6350), and
make the jump to line-rate hardware devices.

-b

On Tue, Mar 8, 2011 at 4:15 PM, Chris Enger  wrote:
> Greetings,
>
>    I am researching possible replacements for our Internet edge routers, and 
> wanted to see what people could recommend for a smaller chassis or fixed 
> router that can handle current IPv4 routes and transition into IPv6.  
> Currently we have Brocade NetIron 4802s pulling full IPv4 routes plus a 
> default route.  I've looked at Extreme, Brocade, Cisco, and a few others.  
> Most range from 256k - 500k IPv4 and 4k - 16k IPv6 routes when CAM space is 
> allocated for both.  The only exception I've found so far is the Cisco ASR 
> 1002, which can do 125k v6 along with 500k v4 routes at once.  I'm curious if 
> any other vendors have comparable products.
>
> My concern is trying to find a router (within our budget) that has room for 
> growth in the IPv6 routing space.  When compared to the live table sizes that 
> the CIDR report and routeviews show, some can't handle current routing 
> tables, let alone years of growth.  BGP tweaks may keep us going but I can't 
> see how 16k or fewer IPv6 routes on a router is going to be viable a few 
> years from now.
>
> Thank you,
> Chris Enger
>
>



-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.



Re: 10GBASE-T Switches

2011-02-10 Thread Bill Blackford
> Juniper EX4500 has 40 fixed SFP/SFP+ ports plus 2 uplink modules that
> can contain 4 SFP/SFP+ ports each for a total of 48 10GBASE-X ports.
> Need to buy SFP+ modules or use direct-attach SFP+ cables though.

And is now shipping with a model that can stack and/or join a EX4200 VC stack.
It's either EX4500-40F-VC1-BF or EX4500-40F-VC1-FB depending on whether you
want Front-to-Back or Back-to-Front airflow.

-b


-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.



Re: Time Warner Transit

2011-02-08 Thread Bill Blackford
They route well as compared to some in the same league.
Latency is low. They must not over subscribe or run too congested.
Paths in and out of PTLDOR appear fairly optimal. Have no data on other geo's.
NOC support could be a bit more proactive.

-b


On Mon, Feb 7, 2011 at 4:08 PM, Christopher Wolff  wrote:
> Hey guys,
>
> What are you thinking about Time Warner transit lately?  They claim to be
> fully ready to support IPv6.
>
> Thanks in advance, you can hit me offlist if you're not able to share your
> TWTC opinion publicly.
> Christopher
>
>



-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.



Re: Network Naming

2011-01-26 Thread Bill Blackford
What I found when visiting this in my own organization that being an
Enterprise and "pseudo" service provider, is that naming fits into
several categories.

1. Hostnames/Prompts
2. Rack Switches in Data centers
3. Path. Meaning routed  interfaces that the world sees in the form of
PTR records.

Prompts:

{Organization}-{Site}-{Dist_Frame}-{Device_Type}{Number}

MYCORP-HQ-2B-S1  (My_Corp., headquarters, 2nd Fl idfb, switch1).

Another way I've named prompts is with relative DNS suffix. This tends
to work best with routers, not so much for rack or access gear.
ex,

CAR1.INAP.STTL#

full DNS name: car1.inap.sttl.my-corp.net


Racks:

Same as above just replacing frame with rack#


Path:
{Interface_Type}{number}.{Device_Type}{number}.{Geo_Location}.{org_fqdn}

For interface type I've been sticking to the Juniper convention as I
find it more consistent than that of Cisco's.

I have a document that describes the convention of every field of
every type in order to maintain consistency.

What I struggle with is trying to find a consistent naming convention
for gear behind the firewall vs. on the outside that is publicly
visible.

-b



-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.



Re: Is Cisco equpiment de facto for you?

2011-01-13 Thread Bill Blackford
Subway subs started offering toasted as an option in response to the
success of Quiznos Subs.

So many vendors have been chasing the "me too" feature match behind
Cisco for so many years it's interesting to see Cisco doing the same
behind Juniper.

-b



-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.

ig after a set time without a reboot.  It still doesn't seem to be as
nice as JUNOS rollback.
>
>
>
>



-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.



Re: Cacti Bandwidth Monitoring

2010-11-29 Thread Bill Blackford
Sounds like you need to use the 64 bit templates as your data may be
"rolling over".
-b
-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.



Re: Recommendations for Metro-Ethernet Equipment

2010-10-21 Thread Bill Blackford
Unrelated, but...

I use Extreme Summit in low-touch, user access areas because of its
low cost and stacking capability as compared to J and C. I figure you
get what you pay for. The interface stats, ease of functionality for
some of the features I frequent, are seriously lacking. I've been told
that I could write a script to get close to the same functionality
that I get by default with my other two vendor choices, but I find
that unacceptable. I experienced that the LLDP-MED seems to require a
"re-config" occasionally to work consistently, so,... this vendor
would not be my first choice to venture into a new technology. Other
posters [YMMV].

Now, the Extreme cost/benefit, small form factor and features such as
their proprietary ring protocol (similar to Cisco REP),  may make them
a contender for MEF applications. I can't say. For high-touch, high
visibility purposes, I'm making other choices.

-b

-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.

an their purple color
> and that I don't really know their IOS that well. But to be fair, they have 
> worked just fine.
>
> In the future I hope we can migrate over to cisco switches because I'm 
> bias. =)
>
>
>
>> From: mer...@metalink.net
>> To: nanog@nanog.org
>> Subject: RE: Recommendations for Metro-Ethernet Equipment
>> Date: Thu, 21 Oct 2010 15:05:37 -0400
>>
>> Thanks to everyone who responded. Just got done talking with Extreme which
>> no one really mentioned. Seems like decent gear reasonably priced. Anyone
>> care to comment on them specifically or have them used them a metro Ethernet
>> build?
>>
>>
>> =
>> Eric Merkel
>> MetaLINK Technologies, Inc.
>> Email: merkel at metalink.net
>>
>>
>> -Original Message-
>> From: Dan Armstrong [mailto:d...@beanfield.com]
>> Sent: 2010-10-20 19:50
>> To: Ramanpreet Singh
>> Cc: Jason Lixfeld; nanog@nanog.org
>> Subject: Re: Recommendations for Metro-Ethernet Equipment
>>
>> I think that's what Jason just said. :-)
>>
>>
>>
>>
>> On 2010-10-20, at 5:24 PM, Ramanpreet Singh wrote:
>>
>> > 7600's/ASR 1k
>> >
>> > Have you looked in to Cisco ME 3600X/ME 3800X series?
>> >
>> > Without a bias these are the top notch products in the market for Metro E.
>> >
>> > -Raman
>> >
>> > On Wed, Oct 20, 2010 at 12:57 PM, Jason Lixfeld  wrote:
>> >> On 2010-10-20, at 11:24 AM, Eric Merkel wrote:
>> >>
>> >>> Any suggestions, success or horror stories are appreciated. ;)
>> >>
>> >> I've been going through pretty much the same exercise looking for a
>> >> decent PE for almost two years.  Our requirements were for a PE device
>> >> that had between 12-24 ports (in a perfect world, mixed mode
>> >> 10/100/1000 copper + SFP), 10G uplinks, EoMPLS, MPLS VPN, DHCP server,
>> >> port-protect/UNI (or similar) capabilities, DC power and a small
>> >> footprint (1RU)
>> >>
>> >> Of all the ones we looked at (Juniper, Cisco, Extreme, Brocade, MRV,
>> >> Alcatel) initially, MRV was the only contender.  The rest either didn't
>> >> have a product, or their offering didn't meet various points within our
>> >> criteria.
>> >>
>> >> As such, we bought a bunch of MRVs in early 2009 and after four months
>> >> of trial and error, we yanked every single one out of the network.
>> >> From a physical perspective, the box was perfect.  Port density was
>> >> perfect, mixed-mode ports, promised a 10G uplink product soon, size was
>> >> perfect, power was perfect, we thought we had it nailed.  Unfortunately
>> >> there are no words to describe how terrible the software was.  The CLI
>> >> took a little getting used to, which is pretty much par for the course
>> >> when you're dealing with a new vendor, but the code itself was just
>> >> absolutely broken, everywhere.  Duplex issues, LDP constantly crashing
>> >> taking the box with it, OSPF issues, the list went on and on.  To their
>> >> credit, they flew engineers up from the US and they were quite
>> >> committed to making stuff work, but at the end of the day, they just
>> >> couldn't make it go.  We pulled the plug in May 2009 and I haven't
>> >> heard a thing about their product since then, so maybe they've got it
>> >> all together.
>> >>
>> >> While meeting with Juniper a few months later about a different
>> >> project, they said they had a product that might fit our needs.  The
>> >> EX4200.  As such, we had a few of these loaned to our lab for a few
>> >> months to put
>>

A10

2010-10-21 Thread Bill Blackford
Anyone on list have any experience with A10 app performance products?
How do they compare with F5, CSS, Netscaler, etc. In particular,
stability, throughput, how they handle affinity, stickiness, pools
(adding, removing nodes live), load balancing algorithms, SSL accel,
reports/stats, etc.

Thanks in advance for any input

-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.



Re: Facebook Issues/Outage in Southeast?

2010-09-23 Thread Bill Blackford
yes, and Qwest is no longer experiencing issues according to IHR.

-b

-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.



Re: Advice regarding Cisco/Juniper/HP

2010-06-17 Thread Bill Blackford
Not to stir the pot, but Extreme is making some good products at a low
cost and have lifetime warranties. I've been using them lately in the
end-user edge as lower cost POE termination. They do LLDP-MED
flawlessly so Cisco, or other phones get their voice vlan and pass the
data vlan. Now, they are missing some of the prime-time features found
in J and C which is why I wouldn't recommend them in the agg or core.

-b

On Thu, Jun 17, 2010 at 9:37 AM, Tom  wrote:
> On Thu, 17 Jun 2010, James Smith wrote:
>>
>> So my questions to the NANOG community are: Would you recommend HP over
>> Cisco or Juniper?
>
> Pretty much never, unless you're talking about a rebadged Brocade product.
> Every time I've seen HP networking gear in production, it's usually before it
> gets replaced with something else. The last install I dealt with was having
> so many problems it had a constant %10 packetloss on a simple flat network.
>
>> How is HP's functionality and performance compared to Cisco or Juniper?
>
> Typically poor, but this varies widely with the series of HP gear.
> The software updates available also vary widely in quality, and I have
> rarely gotten a good answer from HP support on anything.
>
>> Does anyone have any HP networking experiences they can share, good or
>> bad?
>
> To end on a positive note, HP does have a good warranty, is typically fairly
> low cost and provides free software updates.
>
> -Tom
>
>



-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.



Re: Advice regarding Cisco/Juniper/HP

2010-06-17 Thread Bill Blackford
And to add to it here's a Cisco SFP in a Juniper chassis showing a
serial number that looks suspiciously like a Finisar serial number.

  PIC 1          REV 04   711-021270   AR0209216364      4x GE SFP
    Xcvr 0                NON-JNPR     FNS0932K03B       SFP-SX


-b

On Thu, Jun 17, 2010 at 8:01 AM, Jeff Kell  wrote:
> On 6/17/2010 10:40 AM, Andrew Thrift wrote:
>>  Another major negative with the HP gear for us is that their switches
>> only support SFP/SFP+ modules manufactured by HP, so those SFP+
>> Twin-AX cables that came with your Dell/IBM Blade chassis will be
>> useless to connect to your HP Switches, to add insult HP often sell
>> their own modules at 3x the price of an equivalent module from say
>> Extreme or Juniper.
>
> Very true (and you thought Cisco was proud of their branded optics...).
>
> Apparently the HP ink cartridge marketing department is in cahoots with
> their network optics counterparts :-)
>
> Jeff
>
>



-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.



TWTC

2010-06-15 Thread Bill Blackford
Anyone on the list seeing issues with Time Warner on the West coast?



-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.



Re: Cisco ASR

2010-05-26 Thread Bill Blackford
I've been running two asr1002's in production now on XND2 and so far
(he knocks on wood) they've been stable. Very simple config on my end,
OSPF, BGP with full routes, all interfaces are fixed, IOW, no add on
SPAs. I can push well over 100k PPS on each interface and the boxes
are asleep. My NPE-Gx's would fall over at that rate. All in all, I've
been pleased with them. Now, if I could just jail break the ASRs and
load JUNOS ;)

-b

On Wed, May 26, 2010 at 4:32 AM, Rodney Dunn  wrote:
> Sherwin,
>
> Let's move this specific crash/code question over to
> cisco-...@puck.nether.net.
>
> Try the 12.2(33)XNF1 release.
>
> If you would like to try and find the matching bug for what you are seeing
> before you upgrade email me offline with the crashinfo file and the full
> logs and I'll get someone to take a look at it with you.
>
> Thanks,
> Rodney
>
>
> On 5/26/10 4:10 AM, Sherwin Ang wrote:
>>
>> using ASR1006 here, had 2 automatic reboots last friday which is not a
>> good sign.
>>
>> System image file is
>> "bootflash:/asr1000rp1-adventerprisek9.02.04.02.122-33.XND2.bin"
>> Last reload reason: Critical software exception, check
>> bootflash:crashinfo_RP_01_00_20100521-080244-XXX
>>
>> last thing i always see before boom,
>>
>> May 21 07:27:11.752 XXX: %BGP-6-BIGCHUNK: Big chunk pool request (252)
>> for community. Replenishing with malloc
>>
>> i am starting to feel ASR1000 series' software is not yet ready for
>> primetime, but there are newer software available, will try that first
>> and if it still fails, then i'll cancel all ASR1000 orders.
>>
>>
>>
>>
>> On Tue, May 25, 2010 at 8:05 AM, Elijah Savage III
>>   wrote:
>>>
>>> On 5/24/10 4:00 PM, "Thomas Magill"  wrote:
>>>
>>>> Anyone using ASRs?  We are demoing one to possibly upgrade our 7206s.
>>>> We are seeing what looks like a memory leak on the RP.  Cisco is looking
>>>> at it and says they haven't seen it before.  I am wondering if anyone
>>>> else has run across this.  With the default 2G of memory the RP only had
>>>> about 1% free memory, and the router was rebooting every 5 days or so
>>>> when the RP ran out.  We upgraded and now have about 60% free on the RP,
>>>> but I still see the used memory incrementing at a pretty steady rate.
>>>> We are running IOS-XE 12.2(33)XNF.
>>>>
>>>>
>>>>
>>>> The router is currently not even routing traffic, just acting as a BGP
>>>> peer so it has one set of full tables.  It seems to be a process on the
>>>> Linux OS side that has the leak as the IOS memory commands show
>>>> everything staying pretty static.
>>>>
>>>>
>>>>
>>>> Thomas Magill
>>>> Network Engineer
>>>>
>>>> Office: (858) 909-3777
>>>>
>>>> Cell: (858) 869-9685
>>>> mailto:tmag...@providecommerce.com<mailto:tmag...@providecommerce.com>
>>>>
>>>>
>>>> provide-commerce
>>>> 4840 Eastgate Mall
>>>>
>>>> San Diego, CA  92121
>>>>
>>>>
>>>>
>>>> ProFlowers<http://www.proflowers.com/>    | redENVELOPE
>>>> <http://www.redenvelope.com/>    | Cherry Moon Farms
>>>> <http://www.cherrymoonfarms.com/>    | Shari's Berries
>>>> <http://www.berries.com/>
>>>>
>>> I am using a few 1002's and I am not seeing that issue. I will get you
>>> the
>>> IOS train later.
>>>
>>>
>>>
>>>
>>
>
>



-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.



Re: 10GBase-t switch

2010-03-10 Thread Bill Blackford
You might look at Juniper EX3200 with an EX-UM-2XFP and then optics of your
choice (EX-XFP-10GE-SR)

-b

On Wed, Mar 10, 2010 at 1:46 PM, Mirko Maffioli wrote:

> I'm searching for a switch with at least one 10Gbase-T ethernet port
> and some gigabit ethernet for lab test.
> From cisco web site i've seen for example a 3560 model with X2 module
> and CX4 port but nothing with 10Gb-T.
>
> Unfortunately my budget couldn't arrive to nexus or cat6500
>
> Do you have some other vendor model i can check?
>
> Bye
> Mirko
>
>


-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.


Re: CYMRU Bogon Peering

2010-02-12 Thread Bill Blackford
I've been doing this for some time on two routers injecting the null routes
into my AS. No issues. Beats the heck out of trying to use ACLs. However,
the prefix count is rapidly diminishing as more blocks are being released by
the various RIRs hence being pulled from the bogon list.

-b

On Fri, Feb 12, 2010 at 12:51 PM, Thomas Magill  wrote:

> In efforts to further protect us against threats I am considering
> establishing Bogon peers to enable me to filter unallocated address
> space.  I am just wondering if this is a worthwhile step to take and if
> anyone has run into any issues or points of concern that I may want to
> take into account.  Thanks in advance for any input.
>
>
>
> Thomas Magill
> Network Engineer
>
> Office: (858) 909-3777
>
> Cell: (858) 869-9685
> mailto:tmag...@providecommerce.com <mailto:tmag...@providecommerce.com>
>
>
> provide-commerce
> 4840 Eastgate Mall
>
> San Diego, CA  92121
>
>
>
> ProFlowers <http://www.proflowers.com/>  | redENVELOPE
> <http://www.redenvelope.com/>  | Cherry Moon Farms
> <http://www.cherrymoonfarms.com/>  | Shari's Berries
> <http://www.berries.com/>
>
>
>
>


-- 
Bill Blackford
Network Engineer

Logged into reality and abusing my sudo privileges.
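
An added sketch, not code from anyone in this thread, of the trade-off described above: a bogon list maintained by a feed shrinks as blocks are released, while a hand-written ACL stays frozen and keeps dropping space that has since become legitimate. The prefixes are constructed sample data using private and documentation ranges, not Team Cymru feed contents; 198.51.100.0/24 stands in for a block an RIR has since allocated, and the class and function names are hypothetical.

```python
import ipaddress


class PrefixSet:
    """Bogon prefixes with announce/withdraw, modelling routes learned from a feed."""

    def __init__(self, prefixes=()):
        self._nets = {ipaddress.ip_network(p) for p in prefixes}

    def announce(self, prefix):
        self._nets.add(ipaddress.ip_network(prefix))

    def withdraw(self, prefix):
        self._nets.discard(ipaddress.ip_network(prefix))

    def snapshot(self):
        """Frozen copy: a static ACL as it looked on the day it was written."""
        return PrefixSet(str(n) for n in self._nets)

    def match(self, addr):
        """Most specific covering prefix, or None if the address is not listed."""
        ip = ipaddress.ip_address(addr)
        hits = [n for n in self._nets if n.version == ip.version and ip in n]
        return max(hits, key=lambda n: n.prefixlen, default=None)


def wrongly_dropped(sources, static_acl, live_feed):
    """Sources the stale ACL still drops although the feed no longer lists them."""
    return [s for s in sources
            if static_acl.match(s) is not None and live_feed.match(s) is None]


def build_demo():
    """Return (live_feed, static_acl) after the feed withdraws one released block."""
    feed = PrefixSet(["10.0.0.0/8", "192.0.2.0/24", "198.51.100.0/24"])  # constructed
    acl = feed.snapshot()               # ACL copied from the list once, never updated
    feed.withdraw("198.51.100.0/24")    # constructed: block released for allocation
    return feed, acl


# Constructed source addresses seen at the edge.
SAMPLE_SOURCES = ["10.9.8.7", "198.51.100.25", "203.0.113.5"]

if __name__ == "__main__":
    feed, acl = build_demo()
    for src in SAMPLE_SOURCES:
        print(src, "feed:", feed.match(src), "static ACL:", acl.match(src))
    print("dropped only by the stale ACL:", wrongly_dropped(SAMPLE_SOURCES, acl, feed))
```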


Re: Experiences with Comcast Ethernet/Transit service

2010-01-08 Thread Bill Blackford
I've found them to be quite sufficient here in the PDX metro area. They
support all L2 tunnels, in particular, QnQ which I require. We have diverse
paths, multiple strands and multi-colored. We are a bit of a special case as
we are serviced by a group that is intended for government and education
which gives us pricing breaks. The commercial shots I have out to meet-me
POPs are priced differently. Their CPE devices are migrating to Cisco ME3400,
etc. devices. Their tiered pricing is based on link speed which I'm not
necessarily pleased with but they're starting to become more flexible. They
aren't currently honoring our P-tags so our locations that may be
oversubscribed have difficulty with priority queueing. Their new core in our
area is a single C 7.6k. I would rather they moved from their older F Big
Iron to a J MX or C GSR, but I'm sure the group that services us is faced
with limited resources (ref pricing breaks earlier). The customer portal
provides custom/customer views on their Orion instance which I find even
more useful than my own Cacti graphs at times. The engineering staff is very
accessible (again our group is unique). I'd like to see them put gear in more
colos and hotels. Their uptime and reliability from my perspective has been
right on target.

-b

On Thu, Jan 7, 2010 at 11:40 PM, Brent Jones  wrote:

> On Wed, Dec 23, 2009 at 1:10 AM, Brandon Galbraith
>  wrote:
> > We're looking at using Comcast's (business) transit and private ethernet
> > services at several client locations and I wanted to see what experiences
> > others have had regarding this. Off-list replies are preferred.
> >
> > Thanks,
> > -brandon
> >
> > --
> > Brandon Galbraith
> > Mobile: 630.400.6992
> >
>
> This was a timely question, as we've had a GigE fiber line with them
> for 6 months now.
> Largely, the link performs at ~999Mbit 99% of the time  :)
> However, we've had two issues with connectivity that seem to originate
> from their network. The link will show up, but both sides of our fiber
> will show 0 frames received, and lots of transmit errors. It takes a
> call into the Comcast NOC each time for them to resolve it, but
> they've been silent on what may actually be going on. These
> interruptions last anywhere from 30 minutes, to the last one almost 7
> hours (luckily over a weekend).
>
> Benefits to this, being Metro Ethernet, they do support tagged VLAN's,
> so cost to entry is low in terms of equipment and setup/support.
>
> Our link goes between downtown Portland, OR, to across the river to
> East Vancouver and Mill Plain.
>
> --
> Brent Jones
> br...@servuhome.net
>
>


-- 
Bill Blackford
Network Engineer


Re: ASR1002

2010-01-06 Thread Bill Blackford
I'm finding this to be a fascinating thread as I am currently in the process
of evaluating some M7i's vs. some ASR1002's. Seems the Jun's have settled
into a less reflexive release schedule than the ASRs currently. At some
point I'm sure the ASR's release schedule will settle into a trend more like
that of the SXI on the 6.5k or the SRx on the 7.6k.

I too, will need
BGP
Netflow
Traffic profiling/NBAR
uRPF
micro packet bursts
etc.,
and hoping to keep it all in hardware. This may be better suited for the
Cisco-nsp list, but I am interested, as I'm sure is the OP, in more opinions
of stable releases/trains. Maybe a question better suited for the cisco-nsp
list.

thanks all

-b

On Wed, Jan 6, 2010 at 7:08 PM, McDonald Richards <
mcdonald.richa...@gmail.com> wrote:

> I'd recommend 2.4.x (XNDx) unless you REALLY need the BGP PIC features in
> 2.5. 2.4 was the first release to support L2VPNs and should be mature
> enough in its general support of MPLS/VRFs. 2.5 is still VERY new and was
> only released publicly in December.
>
> 2.4.2 still has a few bugs but for the features you've listed above, should
> be stable enough. After running it since its release (2.3.2 previously)
> I've not seen a software crash on any of our ASR1Ks. I run a mix of RP1 and
> RP2 devices and since this is an ASR1002 you'll be after the RP1 code.
>
> McDonald
>
>
> On Thu, Jan 7, 2010 at 11:45 AM, Jared Mauch 
> wrote:
>
> > I would run at least the 2.5 software (XNE).
> >
> > You don't mention if you have RP1 or RP2, if you're doing sw redundancy
> > or hw redundancy or both, etc.. This will also have an impact.
> >
> > I've seen some 'odd' issues with BGP on the ASR1k, so you really do want
> > to track the latest code.  It's also recommended to keep a close eye on
> > your memory utilization and if/when any cores show up on the harddisk(s).
> >
> > - Jared
> >
> > On Jan 6, 2010, at 7:36 PM, Kenny Sallee wrote:
> >
> > > Anyone have recommendations on solid IOS XE code for ASR 1002 that's
> > > just doing:
> > >
> > > - BGP
> > > - VRF's
> > > - Many sub-interfaces and ACL's
> > >
> > > It shipped with 02.04.02.122-33.XND2.bin
> > >
> > > Thanks,
> > > Kenny
> >
> >
> >
>



-- 
Bill Blackford
Network Engineer


Re: D/DoS mitigation hardware/software needed.

2010-01-04 Thread Bill Blackford
A lot of this has to do with scaling the environment. I've had plenty of
asa's and even netscreens fall over from state-table and session
limitations. I've also seen hosts fill up the connection table prior to a
firewall being affected. I'm not familiar with the specs and anyone can
chime in, but the newer variety of SRX's, I believe implement more in
hardware as line-rate routers do. A layered approach is useful as well. If
the source can be identified via netflow and null routed before it gets to
the firewall and content layer, then all the better. This is much more
tricky with DDOS so having a robust firewall that can eat traffic is helpful.

My 3 cents

-b

On Mon, Jan 4, 2010 at 7:35 PM, Christopher Morrow
wrote:

> On Mon, Jan 4, 2010 at 9:18 PM, jim deleskie  wrote:
> > What Roland said, I've seen people do this, no rules in place, still
> > was able to kill the box (firewall) with a single CPU server.
>
> not to pile on, but... +1 to roland here as well. I've seen more than
> enough folks put in a 'firewall' in front of their 'server' (say a
> mail server) and then watch that die long before the rest of the
> system did.
>
> Now, if you have equipment capable today of doing a few million
> session creates/second and you feel comfortable that you can keep
> track of how attacks grow vs your capacity stays the same and move
> ahead of the curve well enough, then... by all means do as you want :)
>
> There's a cost analysis which Roland sidestepped here as well,
> state-tracking at the rates required is expensive, as compared to
> relatively simple acls in hardware with no state on the upstream
> router.
>
> Spend where it matters, and make sure you understand where the failure
> points are that you place into your network.
>
> -chris
>
> > -jim
> >
> > On Mon, Jan 4, 2010 at 10:04 PM, Dobbins, Roland 
> wrote:
> >>
> >> On Jan 5, 2010, at 4:25 AM, Jeffrey Lyon wrote:
> >>
> >>> Use a robust firewall such as a Netscreen in front of your mitigation
> >>> tool.
> >>
> >> Absolutely not - the firewall will fall over due to state-table
> >> exhaustion before the mitigation system will.  Firewalls (which have no
> >> place in front of servers in the first place), load-balancers, and any
> >> other stateful devices should be southbound of the mitigation system.
> >>
> >> -------
> >> Roland Dobbins  // <http://www.arbornetworks.com>
> >>
> >>Injustice is relatively easy to bear; what stings is justice.
> >>
> >>-- H.L. Mencken
> >>
> >>
> >>
> >>
> >>
> >
> >
>
>


-- 
Bill Blackford
Network Engineer
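
An added sketch of the two points argued in this thread, not code from any of the posters: a session table's occupancy is roughly new-sessions-per-second times hold time, so half-open flood entries fill it and new legitimate sessions are refused, and per-source NetFlow thresholding finds a single flooding source but not a distributed one. All rates, timeouts, thresholds and addresses are constructed, and the function names are hypothetical.

```python
from collections import Counter
import ipaddress


def simulate_state_table(capacity, legit_cps, legit_hold_s,
                         attack_cps, attack_hold_s, duration_s):
    """One-second-step model of a stateful device's session table.

    Legitimate sessions hold an entry for legit_hold_s seconds; flood entries
    never complete and hold one until the idle timeout attack_hold_s expires.
    Hold times are assumed to be at least one second.
    """
    expiring = [0] * (duration_s + max(legit_hold_s, attack_hold_s) + 1)
    occupancy = peak = legit_dropped = 0
    first_drop_s = None
    for t in range(duration_s):
        occupancy -= expiring[t]              # entries closed or timed out
        free = capacity - occupancy
        offered = legit_cps + attack_cps
        if offered <= free:
            ok_legit, ok_attack = legit_cps, attack_cps
        else:                                 # table full: share what is left
            ok_legit = free * legit_cps // offered
            ok_attack = free - ok_legit
            if first_drop_s is None:
                first_drop_s = t
        expiring[t + legit_hold_s] += ok_legit
        expiring[t + attack_hold_s] += ok_attack
        occupancy += ok_legit + ok_attack
        peak = max(peak, occupancy)
        legit_dropped += legit_cps - ok_legit
    return {"first_drop_s": first_drop_s, "peak": peak,
            "legit_dropped": legit_dropped}


def null_route_candidates(flow_sources, min_flows):
    """Sources with at least min_flows flow records toward the victim."""
    counts = Counter(flow_sources)
    return sorted(src for src, n in counts.items() if n >= min_flows)


# Constructed flow records (source address of each flow toward one victim).
SINGLE_SOURCE = ["198.51.100.9"] * 3000 + ["203.0.113.20"] * 12
_BASE = int(ipaddress.ip_address("198.18.0.0"))
DISTRIBUTED = [str(ipaddress.ip_address(_BASE + i % 1500)) for i in range(3000)]

if __name__ == "__main__":
    # Same device and legitimate load; the flood is either filtered statelessly
    # upstream (attack_cps=0 reaches the table) or allowed to reach it.
    print("flood filtered upstream:", simulate_state_table(1000, 10, 5, 0, 30, 60))
    print("flood reaches the table:", simulate_state_table(1000, 10, 5, 100, 30, 60))
    print("single source :", null_route_candidates(SINGLE_SOURCE, 1000))
    print("distributed   :", null_route_candidates(DISTRIBUTED, 1000))
```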


Re: Power Analysis/Management Tools

2009-10-26 Thread Bill Blackford
Same. Cacti

-b

On Mon, Oct 26, 2009 at 2:33 PM, Greg Whynott wrote:

> I'd think SNMP will be what any product uses to query APC gear,  even their
> own suite uses SNMP to collect information and receive traps.
> We use cacti to graph our loads on the APC power bars and UPS gear, gives
> you everything you need on all phases/legs,  was there something in
> particular you were after?
>
> -g
>
>
> -Original Message-
> From: Brandon Galbraith [mailto:brandon.galbra...@gmail.com]
> Sent: Monday, October 26, 2009 4:59 PM
> To: nanog@nanog.org
> Subject: Power Analysis/Management Tools
>
> Not to go too off-topic, but if there is a more preferred location for me
> to
> ask, please let me know. I'm looking for recommendations on open source
> packages that people are using for monitoring power utilization of their
> network/server gear.
>
> We're using Cacti currently, pulling the data from APCs via SNMP, and I
> wanted to check if someone had come across a better method before I
> reinvented the wheel.
>



-- 
Bill Blackford
Network Engineer


Re: WS-X6148A-GE-TX performance question

2009-09-10 Thread Bill Blackford
There was a good thread on Cisco-nsp regarding this exact subject recently.
My recollection is that both X6148 and X6148A have just 6 1GB ASICs.
Therefore the oversubscription rate is 8:1. The biggest difference between
these LC's is that X6148A will support large MTU whereas X6148 will not.

-b


On Thu, Sep 10, 2009 at 2:17 PM, Scott Spencer wrote:

>  Are the X6148A cards dedicated 1 gb/s uplink for each port ( shared 32
> Gb/s
> bus , as long as each port is it's own 1 gb/s still to the 32gb/s bus and
> not shared with 7 other ports, so effectively just 125Mb/s per port then if
> all used at full/even capacity) ?
>
> I can't really find anything much on X6148A internal architecture online,
> but it would seem that each port gets its own 1gb/s link to the
> card/backplane, and that the bottleneck then is the 32gb/s backplane (which
> is fine, as long as it's not 1 gb/s per each set of 8 ports!).
>
>
> Best regards,
>
> Scott Spencer
> Data Center Asset Recovery/Remarketing Manager
> Duane Whitlow & Co. Inc.
> Nationwide Toll Free: 800.977.7473.  Direct: 972.865.1395  Fax:
> 972.931.3340
>  <mailto:sc...@dwc-computer.com> sc...@dwc-computer.com
> <http://www.dwc-it.com/> www.dwc-it.com
> Sales of new and used Cisco/Juniper/F5/Foundry/Brocade/Sun/IBM/Dell/Liebert
> and more ~
>
>


-- 
Bill Blackford
Network Engineer


Hotmail Postmaster

2009-06-17 Thread Bill Blackford
Can someone from Hotmail contact me off list?

Sorry for the SPAM posting, we've tried other methods.

Thanks

-b

--
Bill Blackford 
Senior Network Engineer
Technology Systems Group   
Northwest Regional ESD 

my /home away from home





Cisco ASR100x

2009-04-01 Thread Bill Blackford
Anyone on the list have any experience with ASR1000 series and IOS XE? From 
what I've read, Cisco is attempting to move to a more modular software as JUNOS 
has been doing for some time.

I am curious about the reliability and stability of the platform. I am also 
interested in the differences in the IOS XE vs. IOS.

Thanks

-b

--
Bill Blackford




RE: Gigabit speed test anybody?

2009-03-25 Thread Bill Blackford
Rick. The speedtests are only as good as the hosts they're hosted on and the 
path by which you reach them.

I use iperf on each end of a link that I'm turning up. I put Linux hosts at 
both endpoints, but I believe iperf comes in a windows flavor too.

-b

From: Rick Ernst [er...@easystreet.com]
Sent: Wednesday, March 25, 2009 11:05 AM
To: nanog@nanog.org
Subject: Gigabit speed test anybody?

Resent from my subscribed address. Hopefully this isn't a dupe to anybody.
---


I'm working on turning up our first GigE connection (400mbs CIR) and the
various online speedtests I'm aware of choke after about 100Mbs or so.

Does anybody know of testing sites that can handle higher bandwidth, or
have an ftp host or similar to test against?

I'm connected to Level3, backhauled to Seattle, WA.

Thanks,
Rick






RE: SUP720 vs. SUP32

2009-03-11 Thread Bill Blackford
Thank you to everyone who offered advice. I think it's clearer what my path 
should be.

Incidentally, I am using 7300/7200 based units with G1 RP and found that at 
200M they start seeing 50% CPU load which is why I'm looking to go to the next 
step.

Again, thanks to all

-b

-Original Message-----
From: Bill Blackford [mailto:bblackf...@nwresd.k12.or.us] 
Sent: Wednesday, March 11, 2009 11:18 AM
To: nanog@nanog.org
Subject: SUP720 vs. SUP32

Anyone have any experience with SUP32? Please contact me off list.

I'm trying to evaluate a lower-cost alternative to the 720-3bxl.
I'm only pushing a few hundred megs of traffic, exchanging a few routes with 
less than 20 peers and don't see the need for a 720's worth of throughput in 
the near future.

Can the 32 handle a full table?
How does the MSFC2A compare to the MSFC3?
V6 support?

Thank you.

--
Bill Blackford 
Senior Network Engineer

my /home away from home






SUP720 vs. SUP32

2009-03-11 Thread Bill Blackford
Anyone have any experience with SUP32? Please contact me off list.

I'm trying to evaluate a lower-cost alternative to the 720-3bxl.
I'm only pushing a few hundred megs of traffic, exchanging a few routes with 
less than 20 peers and don't see the need for a 720's worth of throughput in 
the near future.

Can the 32 handle a full table?
How does the MSFC2A compare to the MSFC3?
V6 support?

Thank you.

--
Bill Blackford 
Senior Network Engineer

my /home away from home





RE: real hardware router VS linux router

2009-02-19 Thread Bill Blackford
In scaling upward, how would a linux router, even if a kernel guru were to tweak 
and compile an optimized build, compare to a 7600/RSP720CXL or a Juniper PIC in 
ASIC? At some point packets/sec becomes a limitation I would think.

-b

-Original Message-
From: Ryan Harden [mailto:harde...@uiuc.edu]
Sent: Thursday, February 19, 2009 6:37 AM
To: Deric Kwok
Cc: nanog@nanog.org
Subject: Re: real hardware router VS linux router

While you could probably build a linux router that is just as fast as a
real hardware router, you're always going to run into the moving pieces
part of the equation.

In almost all scenarios, moving parts are more prone to failure than
non-moving parts.

Regardless of what you find out in your research, consider the above in
your cost-benefit analysis.

/Ryan

Deric Kwok wrote:
> Hi All
>
> Actually, what is the difference: hardware router VS linux router?
>
> Have you had experience to compare real router eg: cisco VS linux router?
>
> eg: streaming speed... tcp / udp
>
> Thank you for your information

- --
Ryan M. Harden, BS, KC9IHX  Office: 217-265-5192
CITES - Network Engineering Cell:   630-363-0365
2130 Digital Computer Lab   Fax:217-244-7089
1304 W. Springfield email:  harde...@illinois.edu
Urbana, IL  61801

 University of Illinois at Urbana/Champaign
University of Illinois - ICCN




RE: Paypal DNS Problems?

2009-01-29 Thread Bill Blackford
Looks ok here.

-b

-Original Message-
From: John Martinez [mailto:jmarti...@zero11.com]
Sent: Thursday, January 29, 2009 1:56 PM
Cc: nanog@nanog.org
Subject: Re: Paypal DNS Problems?

B C wrote:
> As the subject says really, paypal's DNS servers don't appear to be
> responding for me...
>
>
> [r...@oracle1 oracle]# dig @a.gtld-servers.net paypal.com
>
> ; <<>> DiG 9.2.4 <<>> @a.gtld-servers.net paypal.com
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38254
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4
>
> ;; QUESTION SECTION:
> ;paypal.com.IN  A
>
> ;; AUTHORITY SECTION:
> paypal.com. 172800  IN  NS  ppns1.den.paypal.com.
> paypal.com. 172800  IN  NS  ppns1.phx.paypal.com.
> paypal.com. 172800  IN  NS  ppns2.den.paypal.com.
> paypal.com. 172800  IN  NS  ppns2.phx.paypal.com.
>
> ;; ADDITIONAL SECTION:
> ppns1.den.paypal.com.   172800  IN  A   216.113.188.121
> ppns1.phx.paypal.com.   172800  IN  A   66.211.168.226
> ppns2.den.paypal.com.   172800  IN  A   216.113.188.122
> ppns2.phx.paypal.com.   172800  IN  A   66.211.168.227
>
> ;; Query time: 32 msec
> ;; SERVER: 192.5.6.30#53(a.gtld-servers.net)
> ;; WHEN: Thu Jan 29 21:34:58 2009
> ;; MSG SIZE  rcvd: 180
>
> [r...@oracle1 oracle]# dig @216.113.188.121 paypal.com ns
>
> ; <<>> DiG 9.2.4 <<>> @216.113.188.121 paypal.com ns
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached
> [r...@oracle1 oracle]#
> [r...@oracle1 oracle]# dig @66.211.168.226 paypal.com ns
>
> ; <<>> DiG 9.2.4 <<>> @66.211.168.226 paypal.com ns
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached
>

I'm not seeing any issues.
Is anyone else?